
SUSE-SU-2024:3478-1

Published: 27 Sep 2024
Source: suse-cvrf

Description

Security update for quagga

This update for quagga fixes the following issues:

  • CVE-2017-15865: sensitive information disclosed when malformed BGP UPDATE packets are processed. (bsc#1230866)
  • CVE-2024-44070: crash when parsing Tunnel Encap attribute due to no length check. (bsc#1229438)
  • CVE-2022-37032: out-of-bounds read when parsing a BGP capability message due to incorrect size check. (bsc#1202023)

Package list

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
libfpm_pb0-1.1.1-150400.12.8.1
libospf0-1.1.1-150400.12.8.1
libospfapiclient0-1.1.1-150400.12.8.1
libquagga_pb0-1.1.1-150400.12.8.1
libzebra1-1.1.1-150400.12.8.1
quagga-1.1.1-150400.12.8.1
quagga-devel-1.1.1-150400.12.8.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
libfpm_pb0-1.1.1-150400.12.8.1
libospf0-1.1.1-150400.12.8.1
libospfapiclient0-1.1.1-150400.12.8.1
libquagga_pb0-1.1.1-150400.12.8.1
libzebra1-1.1.1-150400.12.8.1
quagga-1.1.1-150400.12.8.1
quagga-devel-1.1.1-150400.12.8.1
SUSE Linux Enterprise Module for Server Applications 15 SP5
libfpm_pb0-1.1.1-150400.12.8.1
libospf0-1.1.1-150400.12.8.1
libospfapiclient0-1.1.1-150400.12.8.1
libquagga_pb0-1.1.1-150400.12.8.1
libzebra1-1.1.1-150400.12.8.1
quagga-1.1.1-150400.12.8.1
quagga-devel-1.1.1-150400.12.8.1
SUSE Linux Enterprise Module for Server Applications 15 SP6
libfpm_pb0-1.1.1-150400.12.8.1
libospf0-1.1.1-150400.12.8.1
libospfapiclient0-1.1.1-150400.12.8.1
libquagga_pb0-1.1.1-150400.12.8.1
libzebra1-1.1.1-150400.12.8.1
quagga-1.1.1-150400.12.8.1
quagga-devel-1.1.1-150400.12.8.1
SUSE Linux Enterprise Server 15 SP4-LTSS
libfpm_pb0-1.1.1-150400.12.8.1
libospf0-1.1.1-150400.12.8.1
libospfapiclient0-1.1.1-150400.12.8.1
libquagga_pb0-1.1.1-150400.12.8.1
libzebra1-1.1.1-150400.12.8.1
quagga-1.1.1-150400.12.8.1
quagga-devel-1.1.1-150400.12.8.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4
libfpm_pb0-1.1.1-150400.12.8.1
libospf0-1.1.1-150400.12.8.1
libospfapiclient0-1.1.1-150400.12.8.1
libquagga_pb0-1.1.1-150400.12.8.1
libzebra1-1.1.1-150400.12.8.1
quagga-1.1.1-150400.12.8.1
quagga-devel-1.1.1-150400.12.8.1
SUSE Manager Proxy 4.3
libfpm_pb0-1.1.1-150400.12.8.1
libospf0-1.1.1-150400.12.8.1
libospfapiclient0-1.1.1-150400.12.8.1
libquagga_pb0-1.1.1-150400.12.8.1
libzebra1-1.1.1-150400.12.8.1
quagga-1.1.1-150400.12.8.1
quagga-devel-1.1.1-150400.12.8.1
SUSE Manager Server 4.3
libfpm_pb0-1.1.1-150400.12.8.1
libospf0-1.1.1-150400.12.8.1
libospfapiclient0-1.1.1-150400.12.8.1
libquagga_pb0-1.1.1-150400.12.8.1
libzebra1-1.1.1-150400.12.8.1
quagga-1.1.1-150400.12.8.1
quagga-devel-1.1.1-150400.12.8.1
openSUSE Leap 15.5
libfpm_pb0-1.1.1-150400.12.8.1
libospf0-1.1.1-150400.12.8.1
libospfapiclient0-1.1.1-150400.12.8.1
libquagga_pb0-1.1.1-150400.12.8.1
libzebra1-1.1.1-150400.12.8.1
quagga-1.1.1-150400.12.8.1
quagga-devel-1.1.1-150400.12.8.1
openSUSE Leap 15.6
libfpm_pb0-1.1.1-150400.12.8.1
libospf0-1.1.1-150400.12.8.1
libospfapiclient0-1.1.1-150400.12.8.1
libquagga_pb0-1.1.1-150400.12.8.1
libzebra1-1.1.1-150400.12.8.1
quagga-1.1.1-150400.12.8.1
quagga-devel-1.1.1-150400.12.8.1

Description

bgpd in FRRouting (FRR) before 2.0.2 and 3.x before 3.0.2, as used in Cumulus Linux before 3.4.3 and other products, allows remote attackers to obtain sensitive information via a malformed BGP UPDATE packet from a connected peer, which triggers transmission of up to a few thousand unintended bytes because of a mishandled attribute length, aka RN-690 (CM-18492).


Affected products
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libfpm_pb0-1.1.1-150400.12.8.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libospf0-1.1.1-150400.12.8.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libospfapiclient0-1.1.1-150400.12.8.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libquagga_pb0-1.1.1-150400.12.8.1

References

Description

An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault and denial of service. This occurs in bgp_capability_msg_parse in bgpd/bgp_packet.c.


Affected products
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libfpm_pb0-1.1.1-150400.12.8.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libospf0-1.1.1-150400.12.8.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libospfapiclient0-1.1.1-150400.12.8.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libquagga_pb0-1.1.1-150400.12.8.1

References

Description

An issue was discovered in FRRouting (FRR) through 10.1. bgp_attr_encap in bgpd/bgp_attr.c does not check the actual remaining stream length before taking the TLV value.


Affected products
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libfpm_pb0-1.1.1-150400.12.8.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libospf0-1.1.1-150400.12.8.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libospfapiclient0-1.1.1-150400.12.8.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libquagga_pb0-1.1.1-150400.12.8.1

References
Vulnerability SUSE-SU-2024:3478-1